Canonical dismisses Ubuntu security concerns

Concerns over the security of the Ubuntu Linux distribution arose this week, when five out of eight local community servers sponsored by Canonical had to shut down. The servers had "started attacking other systems", according to an Ubuntu newsletter.

The issue first came to light on Saturday when Ubuntu users voiced concern over a problem with local community (loco) hosted servers.

Canonical moved quickly to minimise the issue and reassure users that the OS is secure. "This is not a problem with our production servers," Gerry Carr, marketing manager of Canonical told ZDNet.co.uk. The issue was with "loco servers that we pay for, but that do not sit in our data centre". As a result, the security in Canonical's data centre was "in no way compromised by these attacks", Carr said.

While the company "held its hand up" in regard to the problem, it completely rejected any implication that user security had been compromised, Carr said.

"Any imputation, and there has been some, that this episode has, or had, any bearing on our enterprise readiness or the Ubuntu downloads is so completely wide of the mark as to miss the point entirely," he said. "It has nothing to do with downloaded copies of Ubuntu; it is separate servers on a separate network in a separate location."

But the company did accept that the servers had been poorly managed. The problem arose because the responsibility for security lay "between Canonical and the community", Carr said.

"Most of the time" this was just as it should be, Carr said, but "server management is maybe not one of those times".

The issue is one for the community to decide, he said. "Either the loco servers come into our data centre and are subject to our standard, rigorous security and management or they sit completely outside of it and are run by the community."

The issue is outlined in detail in an email from Ubuntu's community manager, Jono Bacon.